[Dshield] "Personal Firewalls" are mostly snake-oil

John Sage jsage at finchhaven.com
Sun Jul 21 03:49:10 GMT 2002


On Sat, Jul 20, 2002 at 09:21:43PM +0100, Keith G wrote:
> In view of the above statement taken from Sam Spade's site, are home users
> wasting their time using so-called "Personal Firewalls"?
> Keith G
> Home User
> Zone Alarm Pro 3.0.133

The biggest issue is simply that "home users" are most often running
Window$, often running services that they are utterly unaware of (the
home Win 2K user running IIS without knowing it; viz: the ongoing
Code Red and Nimda epidemic continues almost unabated, one *year*
later..), and most "personal firewalls" follow the Window$ model of
hiding unpleasant details that require reading and thinking and
decision-making from the hapless consumer.

Computer users are viewed as commodity consumers, meant to purchase
"personal firewalls" as they purchase fast food: buy the sizzle (what
PR fluff appears on ZDNet..) and don't worry about what's really *in*
the damn thing, let alone worry about how it works.

In that context, yes, IMHO, "personal firewalls" are snake oil.

Are they worse than nothing? Perhaps, if the user feels that they are
secure when they aren't.

The biggest problem is that, just as with the Window$ model itself,
"personal firewalls" lock you into the same upgrade nose-ring that the
anti-virus companies are inflicting upon users: unless you keep up
with a relentless cycle of updates and latest-version purchases,
you're soon going to be SOL as new exploits come out.

BTW: my "personal firewall"?

A home-built, single purpose firewall/router: an ASUS P55TP4N mobo
running a Pentium 150mhz, 96Mb RAM; running Linux 2.2.14-5.0; ipchains
1.3.9; snort 1.8.7 build 128; p0f 1.8.2; and Psionic's PortSentry and

All it does is IP masquerade for the other boxes on my home network;
run a caching-only nameserver; and pick up time signals via xntpd.

Oh. And have scores of probes bounce off it, all day, all night,
every day, 24/7/365...

- John
